Why do we have a privacy policy?

Nordic APIs AB (“Nordic” or “we”) cares about your privacy. Therefore, we always strive to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data.

The purpose of this privacy policy is to inform you about how we process your personal data as the representative of a company that is or has been our customer, registered to speak at an event, signed up for an event organized by Nordic or signed up to our newsletter.

Who is responsible for the processing of your personal data? Nordic APIs AB, with Swedish company registration number 556937-4183, is responsible for the processing of your personal data (the controller) when Nordic is processing the data for its own purposes.

If you want to contact us regarding our processing of your personal data or exercise any of your rights as described below, please contact us at dataprotection@nordicapis.com. Our postal address is Box 133, 447 23 Vårgårda, Sweden.

How and why do we process your personal data?

We conduct all our processing of your personal data for the following overall purposes (the “Services”): – Communicate news and updates to you by sending you our newsletters, blog digests, informative messages about coming events etc. – Customer relationship management – Arranging and organizing events

Transparency

Our aim is to be as transparent as possible regarding how and why we process your personal data. In the description below, we inform you about why we process your personal data (the purposes of processing), what personal data we process, our legal basis for processing your personal data and how long we process your personal data for each purpose.

- For purposes of customer relationship management

For what purposes do we process your personal data?

What personal data do we process?

What is our legal basis for processing your personal data?

How long do we process your personal data?

To negotiate and close an agreement between the company you represent and Nordic

Your name, phone number and e-mail address

Our legal basis is our legitimate interest to get in contact with you as the representative of a potential customer to Nordic for the purpose of being able to negotiate and close an agreement between the company you represent and Nordic, which in our assessment outweighs your interest of not having your personal data processed

Until the negotiations are over and/or the agreement is agreed upon and signed

To get in contact with you as the representative of our customer during the duration of the agreement we have entered with the company you represent

Your name, phone number and e-mail address

Our legal basis is our legitimate interest to get in contact with you as the representative of our customer for the purpose of being able to communicate with the company you represent, which in our assessment outweighs your interest of not having your personal data processed

Until the agreement with the company that you represent has ended, or until you or the customer gives us new contact details to another person

To name you as reference on invoices to our customer if this is required by the customer (the company you represent)

Your name

Our legal basis is our legitimate interest to name you as reference when Nordic is invoicing the company you represent, which in our assessment outweighs your interest of not having your personal data processed

Your personal data will be stored and otherwise processed, in accordance with the Swedish Accounting Act, for a period of seven (7) years.

To contact you as the representative of a former customer by e-mail and/or phone to try to re-initiate a customer relationship with the former customer

Your name, phone number and e-mail address

Our legal basis is our legitimate interest to get in contact with you for the purpose of re-initiating a customer relationship with you and your company, which in our opinion outweighs your interest of not having your personal data processed

Your personal data will be processed for a maximum of five (5) years after the customer relationship and our Services with you has ended

- To communicate news and updates

For what purposes do we process your personal data?

What personal data do we process?

What is our legal basis for processing your personal data?

How long do we process your personal data?

To send newsletters and relevant offers to you in the role of your profession

Your e-mail address

Our legal basis for sending you newsletters and relevant offers is your given consent to receive such information.

Until you unsubscribe to our newsletter.

- When you signed up or purchased a ticket to an event arranged by Nordic

For what purposes do we process your personal data?

What personal data do we process?

What is our legal basis for processing your personal data?

How long do we process your personal data?

To send updates and relevant information according to the specific event you signed up for

Your name and e-mail address and company/organization you´re representing together with additional information provided in each registration

Our legal basis for sending you updates and relevant information is that you´ve given consent to receive that

Until one (1) months after the event has ended

To inform partners and/or sponsors of that particular event who is attending

Your first name, last name, company of employment and job title

On the basis to allow us to arrange events which require us to have sponsors and/or partners. In certain cases, it is required from these parties to take part of the attendee information

Until six (6) months after the event has ended

To give partners and/or sponsors of that particular event, extended contact information about the attendees who have agreed to this

Your first name, last name, company of employment and job title as well as e-mail address and phone number

In addition to the above, we could also provide your contact details but only after specific consent from you to share these details with our event sponsors and/or partners

Until six (6) months after the event has ended

- When you apply to speak at an event

For what purposes do we process your personal data?

What personal data do we process?

What is our legal basis for processing your personal data?

How long do we process your personal data?

To send updates and relevant information according to the specific event you signed up for

Your name and e-mail address and company/organization you´re representing together with additional information provided in each registration

Our legal basis for sending you updates and relevant information is that you’ve given consent to receive that

Until one (1) month after the event has ended

To publish your speaker profile and session on our event site

Your name and company/organization you´re representing together with additional information provided in each registration

Our legal basis for publishing this is if you've given us consent to do so

Indefinitely

To invite you to speak at other events than the one you signed up for

Your name and e-mail address and company/organization you´re representing together with additional information provided in each registration

Our legal basis for sending you updates and relevant information is that you've given consent to receive that

Until three (5) years after the event has ended

To publish a video of your session on YouTube

Your name and company

Our legal basis for publishing this is if you've given us consent to do so

Indefinitely

What happens if you do not provide us the requested information?

Information about your name and e-mail address is necessary for the performance of the contract with you when you sign up for our newsletter or purchase a ticket to an event. If you do not provide the requested information, we will not be able to provide the Services related to the respective activity.

Who, other than us, may get access to your personal data?

In order to fulfill the Services, we may share your personal data outside of Nordic. We will also share your personal data with our selected internal and external IT suppliers and any other suppliers, including sponsors/partners to Nordic events, however limited to the extent necessary to fulfill their obligations towards Nordic. All of our suppliers, sponsors and partners will before they receive your personal data consent to being compliant with the GDPR regulations.

Do we transfer your personal data outside of the EU/EEA?

When transferring your personal data outside of the EU/EEA, Nordic will ensure this is done in accordance with applicable data protection laws and regulations. This means we will only transfer your personal data outside of the EU/EEA where there is a legal basis for doing this.

Nordic may transfer your personal data to USA-based sponsors, partners and suppliers. If you have signed up to receive our newsletter, Nordic will share your e-mail address with our Privacy Shield certified processor as part of our process for sending you our newsletter. According to a decision adopted by the European Commission, personal data may be transferred to a recipient in the USA provided that the recipient is Privacy Shield certified. Privacy Shield is an agreement between the EU and the USA, which rationale’s is to protect the fundamental rights of Europeans and to ensure legal certainty for businesses transferring personal data to the USA. American companies are able to sign up to be Privacy Shield certified with the U.S. Department of Commerce who will then verify that their privacy policies comply with the high data protection standards required by the Privacy Shield.

What possibilities do you have to affect our processing of your personal data?

As follows by the data protection legislation, you are entitled to a variety of rights regarding our processing of your personal data. In case you wish to exercise any of your rights, please contact us at dataprotection@nordicapis.com. Our postal address is Box 133, 447 23 Vårgårda, Sweden.

At any given time, you have a right to, wholly or partly, withdraw a given consent for the processing of your personal data when the legal basis for our processing is your consent. Your withdrawal will have no effect on our processing of your personal data for the period prior to the withdrawal took place.

In accordance with applicable data protection legislation, you have a right to access. This means that you have the right to obtain confirmation as to whether or not we are processing personal data concerning you and, where this is the case, access to the personal data in accordance with applicable data protection legislation.

You have, without undue delay, a right to obtain rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have a right to have incomplete personal data completed, including by means of providing a supplementary statement.

Under certain circumstances, you have a right to request that personal data concerning you be erased. This is the case where:

• The personal data is no longer necessary for the purposes for which they were collected or otherwise processed; • You withdraw your consent on which the processing is based on and where there is no other legal ground for continuance of the processing; • You object to the processing, the legal basis is our legitimate interest, and there exists no legitimate grounds that overrides your interest of not having your personal data processed; • The personal data have been unlawfully processed;

• The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Nordic is subject to; or • The personal data have been collected in relation to the offer of information society services.

Nordic will erase your personal data upon request unless we have the right to keep the personal data in accordance with the applicable data protection legislation.

You have a right to request that Nordic restrict its processing of your personal data where one of the following circumstances applies:

• The accuracy of the personal data is contested by you (for a period enabling Nordic to verify the accuracy of the personal data); • The processing is unlawful and you oppose the erasure of the personal data and instead requests restriction of its use; • You are in need of the personal data for the establishment, exercise or defense of legal claims despite Nordic no longer having need for the personal data for the purposes which they were collected or otherwise processed; or • You have objected to processing pending the verification whether Nordic’s legitimate grounds override your legitimate grounds for not having your personal data processed.

You have a right to object to the processing of your personal data, which has its basis in a legitimate interest of ours. You also have a right to, at any time, object to our processing for marketing purposes.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation. In Sweden, the supervisory authority is The Swedish Data Protection Authority.

You are entitled to receive personal data concerning you that you have provided us in a structured commonly used, machine-readable and interoperable format, and to transmit the personal data to another controller (data portability). This right will apply when:

• The processing is based on consent or on a contract; and • The processing is carried out by automated means.

In exercising your right to data portability, you have the right to have personal data transmitted directly from Nordic to another controller, where technically feasible.